Monday, February 3, 2025

[USN-7251-1] HarfBuzz vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeg6+EFAwAAAAAACgkQZWnYVadEvpOs
LRAAkunQYOmfMGffp8fzMEGFr7eS+y4orZviM3/b0Y1dflOWX1XewetToFnkvKePWOu/ON1cW8EI
OSXQvqibJ45c9cEW9/hdRCQTdsJ4r2Cak+vicSZTR+bg2QxNFc3NyvjWfezECQSHuSAmav36RcIh
VSq+q497uv59oLePF5RKexxnnNleWdr5NwZLS5YEy/TNmtidU6KKWGFtHxcPSq/JuvDtAFIW5yP4
aHtEKkxL0YBTggpg2oG75IdiUFai7Ga+HpdmiPoOp2GAmOk5mjvOdDNXWGhwzhZgzzqYheeXyrmz
Myh3EU7fT04XacBF8ZSY//8JIvq6Pl9hQTRiOjNu2hzCQqKUgLEgqBP35OuAWRlVwP57H8NTWROA
50GqHA8P2Z0ZA7VlmrQjt2cAmdART4AOgQ4WJ6jbvyaVwHyhFqRJRVE5Dv/RoWt9Rle7S0sZwjDP
rkHwktbcU0Ckt4h25BbYbBlYJBqtpgrU3VKo3vKRoK3kBM3nXjXLWawoj6Og1J3qvK3W11BzE03h
XSsYWYj2vZYLB785RFiTBhXui81tt8+VoVkUeHOTTMvztPtZrT13lxkQ3rNQ5tdxAebZcn0MxlMr
Ep+RFv7LWYygHT1BdovTjSx6hTNDDBRV6svrGVBtLmdex86sJtkK78L3Gpscfc9hbesA4XSzVbSr
dnY=
=1oKa
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7251-1
February 03, 2025

harfbuzz vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

HarfBuzz could be made to consume resources if it opened a specially
crafted font.

Software Description:
- harfbuzz: OpenType text shaping engine

Details:

It was discovered that HarfBuzz incorrectly handled shaping certain fonts.
A remote attacker could possibly use this issue to cause HarfBuzz to
consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
libharfbuzz0b 2.7.4-1ubuntu3.2

Ubuntu 20.04 LTS
libharfbuzz0b 2.6.4-1ubuntu4.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7251-1
CVE-2023-25193

Package Information:
https://launchpad.net/ubuntu/+source/harfbuzz/2.7.4-1ubuntu3.2
https://launchpad.net/ubuntu/+source/harfbuzz/2.6.4-1ubuntu4.3

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)